Posted by timothy on Saturday February 25, 2012 @10:14PM from the for-more-shiny-enter-password dept.

wiredmikey writes with this extract from Security Week: "On Friday, researchers from security firm Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications. Flashback was first discovered by Intego in September of 2011. It targets Java vulnerabilities on OS X, two of them to be exact, in order to infect the system. Should Flashback find that Java is fully updated, it will attempt to social engineer the malware's installation, by presenting an applet with a self-signed certificate. The certificate claims to be signed by Apple, but is clearly marked as invalid. However, users are known to skip such warnings, thus allowing the malware to be installed. ... The newest variant will render programs such as Safari and Skype unstable, causing them to crash. Interestingly enough, normally these are stable programs, so if they start suddenly crashing, it might be a sign of larger issues."

If you remember the "I'm a PC" and "I'm a Mac" commercials, the gist of several of the ads was that Macs COULDN'T be compromised like PCs.

While geeks always knew better, I think the point the OP was trying to make is that the majority of Mac users, those who "just want it to work", were sold on the idea that they weren't susceptible to viruses and malware.

Who says Mac users claim they don't get malware? It seems to be oft-repeated here on Slashdot, but whenever the topic of Mac security comes up, actual Mac users post in the threads that they're well aware that OS X is not invulnerable, and in fact post examples of trojans and malware that they remember hearing about.

It comes up every time, so the only people who seem to perpetuate the myth of the technology-literate Apple user who claims immunity from security threats are the ones seeking to mock the Reality Distortion Field and the users of Apple software as clueless.

Incidentally, this malware does have some relatively sneaky features - it allegedly avoids trying to install itself if it detects AV software, to attempt to avoid early detection. Crashing browsers is not a good start though. Not very subtle, since Safari doesn't really crash any more - it tends to be the helper process that crashes and that is restarted almost transparently to the user.

The "I'm a PC ads" certainly made that statement. You're not going to look at this ad... http://www.youtube.com/watch?v=GQb_Q8WRL_g ...and tell me that the implication isn't supposed to be that "Macs are immune to viruses".

I also find it telling that folks who are not very technical and not qualified to comment on the security of an OS somehow have this idea that Macs can't get viruses. Now where do you suppose that assumption comes from?

That commercial did not, in fact, make the statement that "Macs are immune to viruses."

It did say that there were "114,000 known viruses for PCs" to which the Mac replies "PCs. Not Macs."

It's worded in such a way that your casual listener will likely believe "Oh, Macs don't get PCs", but it's ALSO worded so that Apple could easily argue that they merely meant that there are simply *not* 114,000 viruses for Macs. Maybe there's 100,000. Maybe 150,000. Maybe 0. But they didn't say outright, "Macs don't get viruses."

It's their fault that everyone heard it that way and that everyone assumes that, but really. They never said Macs don't get viruses.

Apple, and their fans, have long insinuated that Macs don't get malware. It's a major part of their advertising campaign. Walk up to ten technically illiterate people and ask what the advantages are of Macs over PCs, and I'd wager at least half would say that they don't get viruses. I know that's why my sister bought one, as she flat out told me so (this was during the Vista era, so it wasn't worth correcting her). This belief didn't come from nowhere. Apple and their fans have carefully built it up over the years. Of course, whenever they're called out on this, they turn around and protest, "But we never actually said that it was immune."

It's dishonest marketing in the first place, but the real astounding dishonesty is to then deny it after the fact.

The only reason why Macs are perceived as more secure is because they have less market share, and therefore less interest to those who make the malware.

-1, Security Through Obscurity.

I'll remind you yet again that in the pre-OS X era, there was quite a bit of Mac malware floating around; never as much as for DOS/Windows PCs, to be sure, but still a lot of it. At a rough guess, it existed about in proportion to the relative market share of the Mac OS... which kind of gives credence to the market share argument, except that when OS X became the standard, the number dropped to damn near zero, and stayed there for many years. There's more OS X malware out there than there used to be, now, but the proportion is still nowhere near the market share of OS X relative to Windows. And the vast majority of exploits are, like this one, browser-based, rather than targeting the OS itself.

In short, the market share argument is just as much bullshit as security-through-obscurity arguments always are.

The fact that this is even considered a story makes the point that Macs are still less afflicted by this stuff than Win boxes. Can you imagine if Slashdot were to post a story for every new Windows malware variant that appears?

It says, "I run Mac OS X, so I don't have to worry about your spyware and viruses."

I suppose the argument could be made that the commercial meant that the person running OS X didn't have to worry about anyone's spyware and viruses but his own (due to the word "your"), but only someone who was already on guard against Apple's duplicitous salesmanship would interpret the commercial in that way.

Also, because the Mac representative has spent the previous entirety of the commercial scoffing at the PC representative's paranoia, there is a much more obvious and likely meaning of "your spyware and viruses", as in, "Take your average virus, for example. It doesn't worry me." This usage of "your" does not convey possession (by the PC representative), and thus does not distinguish between viruses and spyware by platform.

**** END PEDANTRY DETERRENCE ****

The commercial clearly suggests that Mac OS X boasts some special resistance or protection (immunity, perhaps?) against spyware and viruses that saves its users the trouble of worrying about same.

The only reason why Macs are perceived as more secure is because they have less market share, and therefore less interest to those who make the malware. Period.

Nah. Macs are perceived as more secure because Apple ~advertises~ them that way.

PCs are perceived as less secure because the mainstream (Windows/PC) software ecosystem, including FUD miscreants like Symantec, McAfee, and Trend Micro, market their products and maintain their control via scare tactics. They make malware sound more pervasive and damaging than it is. Ironically, most of the damage comes from their products.

The reality is that Macs and PCs are of approximately equal value to malware authors. PCs, because there are more of them. Macs, because they are generally higher-value targets.

Don't kid yourself based on the advertising and marketing.

fwiw I supported hundreds of Macs in the late 80s/early 90s, and viruses were a huge issue even then. We spent almost as much time removing viruses as we did recovering files from corrupted floppies. :)